Insights from the KPMG 2022 Fraud Outlook
Companies in North America and Latin America are under attack, and the strikes are increasing in size, scope, and severity. Threat levels are rising in all industries, regardless of company size. These key findings are included in A triple threat across the Americas, the KPMG Fraud Outlook for 2022.
Our survey suggests that fraud, cyber breaches, and non-compliance are tightly interconnected. Each threat affects the others in what we call the “threat loop.” These threats and the damage they inflict have become the costly norm. Many companies have limited defenses in place, and the shift to remote and hybrid work during the pandemic is making existing controls less effective.
We believe that compliance officers can help address these threats by serving as trusted advisors to their companies. Backed by improved data aggregation and analysis, compliance officers can work with stakeholders to identify key risk areas and design controls for effective threat mitigation.
A key revelation of this year’s study is the growing range, diversity, and effectiveness of today’s fraudsters. They include:
Even customers and clients can present serious threats, such as data theft and corporate espionage involving trade secrets and intellectual property.
Which of the following types of individuals are known to have been involved in fraud or misconduct (either alone or in collusion) at your company during the past 12 months?
With digital transformation, these threats are becoming more sophisticated every day. Traditional threats like phishing emails and malware are supplemented by new threats such as “form jacking” to gather payment information and data theft from sensor devices connected to a company’s Internet of Things network.
Faced with a dangerous and rapidly evolving threat environment, compliance officers naturally want to mitigate threats before their company suffers actual damage. Commonly, this involves a top-down program and a proven set of rules developed by the compliance team and applied across the enterprise.
However, we live in uncommon times. A global pandemic, remote working, increased regulatory presence, and a stream of newly developed digital threats mean that compliance leaders first need to understand the threats. The type, magnitude, location, and potential weaknesses might be undetected by standard compliance audits.
A bottom-up approach based on a more granular and accurate assessment of threats can often be more effective than a top-down, check-the-box mentality. Conducting a comprehensive risk review that includes fraud and misconduct, compliance, and cyber security across the enterprise can inform where controls are needed. While reacting to current attacks, companies should thoroughly aggregate and analyze data to identify new and potential threats. Establishing a program that enables employees to detect and report threats is important. Armed with this knowledge, they can then establish threat-mitigation strategies that can be better targeted and more proactive in design.
Much of this knowledge is highly technical. Compliance teams are usually composed of CPAs, former law enforcement officers, and lawyers. In today’s increasingly digitized business world, the team should also include data scientists, data miners, and other technology experts who can use AI-based analysis to aggregate company information, identify suspicious patterns, and pinpoint fraud and covert attacks.
A compliance leader needs to have financial acumen, the capacity to handle large amounts of data, and the ability to empathize with employees across the organization — all while maintaining a healthy skepticism about potential fraud or statements of compliance by suppliers and outside business associates.
Today’s compliance leader has the opportunity to expand and strengthen these roles by serving as a trusted advisor to the company. This begins with the understanding that threat mitigation is a two-way street, not just a set of rules, procedures, and technology.
Instead, compliance leaders can work with managers, employees, and other parties to develop a culture that encourages ethical conduct and a commitment to compliance.
Executives expect a continued increase in risk across the three threats. Companies can help mitigate these risks with a tightly integrated yet flexible approach involving stakeholders at every level of the enterprise.
Based on a survey of 640 executives
KPMG LLP does not provide legal services.
Respondents represent companies across a range of sizes
A triple threat across the Americas: KPMG 2022 Fraud Outlook
A review of the fraud, compliance and cyber security risks facing the Americas